The recent discovery of the Loapi mining Trojan 
(https://blog.finjan.com/loapi-mining-trojan/) - a multi-faceted 
piece of malware with potentially device-killing consequences for 
users of Android hardware - has thrown the spotlight onto an 
emerging trend in malicious software design. This involves the 
engineering of malware code aimed at co-opting the system 
resources of a victim's hardware, for the purpose of mining 
cryptocurrencies. 

This process has been dubbed "cryptojacking", and its 
methodology and implications for cyber-security will form the 
basis of discussion for this article. 

Cryptojacking - Incentives for Bad Behavior 

Frenetic activity continues in the cryptocurrency 
(https://www.cyberisk.biz/blockchain-and-virtual-currency/) sector, 
with recent dramatic hikes and plunges in the value of Bitcoin and 
other denominations hitting the mainstream news. With such wild 
fluctuations and the relative immaturity of the market, there's 
plenty of money to be made - and not only by the investors. 

Cryptocurrencies are generated through the digital process of 
mining 
(https://www.scientificamerican.com/article/is-your-computer-secretly-mining-bitcoin-alternatives-a-guide-to-ldquo-cryptojacking-rdquo/), 
whereby users participating in a mining 
scheme dedicate a proportion of their system's processing and 
computing power to the solution of complex mathematical 
problems, in anticipation of the award of cryptocurrency credits for 
a successful calculation. 

Many cryptocurrency miners across the globe submit to this 
process willingly, as a potential revenue stream for themselves. But 
cyber-criminals have also warmed to the idea, and to the notion of 
tricking unsuspecting computer owners into contributing their 
system resources to the mining effort unwittingly. 


It's been estimated that 220 of the top 1,000 websites in the world 
are conducting cryptojacking operations, making a total of $43,000 
over a three week period. Though some of them are doing it with 
the consent of their site visitors, the majority of cryptojackers are 
working under the veil of secrecy. 

It's a cheaper and lower-risk strategy than ransomware distribution 
- and offers the potential for far greater financial rewards, over a 
sustained period. And there's an entire ecosystem emerging to 
assist these perpetrators in their cryptojacking efforts. 

Facilitating Measures 

Mining activity for Bitcoin (the most high-profile of the 
cryptocurrencies) is a complex process requiring specialized 
hardware and a huge amount of energy. It's been estimated that 
each Bitcoin mining transaction consumes enough energy to boil 
around 36,000 kettles filled with water - and that in a single year, 
the global Bitcoin mining operation consumes more energy than 
the Republic of Ireland. 

Lacking such huge resources, "citizen" cryptocurrency miners, 
therefore, turn to less intensive alternatives, such as Monero, which 
requires no specialized computing equipment. 



In mid-September 2017, a company named Coinhive launched a 
piece of commercial software that can be written into the content 
of a web page (typically in the form of an ad), using the common 
language of JavaScript. When such a page loads, the script starts 
mining the Monero cryptocurrency, in the background. 

Torrenting website The Pirate Bay almost immediately snapped it 
up (https://www.wired.com/story/cryptojacking-cryptocurrency-mining-browser/), 
pitching the donation of some processor time to 
their users as an alternative to in-page advertising. And Coinhive 
clones of various stripes have been emerging, ever since. 

Many developers of these mining programs are touting them as an 
alternative revenue stream for websites, and some sites have 
already adopted a "mining with consent" policy in fund-raising for 
charitable causes such as disaster relief. Coinhive has introduced 
a new version of its product, known as AuthedMine, which requires 
authorization/consent 
(https://www.wired.com/story/cryptojacking-has-gotten-out-of-control/) 
from users before their systems can be co-opted for 
Monero mining. 

But with the vast majority of cryptocurrency mining software 
offering no opt-in or opt-out choices to the user - and with the 
programs typically running discreetly beneath the surface - 
unsuspecting web surfers are still very much victims of the 
cryptojacking phenomenon. 



No Need to Install 

The JavaScript medium used in Coinhive, AuthedMine, and the like 
ensures that the code required for cryptocurrency mining doesn't 
have to be installed as a separate application, and can run in any 
standard web browser. Once a page containing the relevant script 
is loaded, the program runs automatically - eliminating the need to 
announce its presence, or ask for user consent. 

Hackers have already been successful in introducing cryptojacking 
scripts onto the Showtime and PolitiFact websites, and on 
eCommerce platforms. A Starbucks Wi-Fi hotspot in Buenos Aires 
(https://slate.com/technology/2018/02/what-is-cryptojacking-the-bitcoin-and-monero-mining-process-that-steals-your-computing-power-explained.html), 
Argentina was hijacked in December 2017 
by enterprising hackers who tapped into the system resources of 
fellow coffee-drinkers to boost their mining efforts. 

And in January of this year, cryptojacking code was discovered in 
Archive Poster 
(https://www.inverse.com/article/39855-cryptocurrency-google-chrome-mining-monero), 
a Chrome 
browser extension designed to facilitate user interactions with 
Tumblr posts stored in archives. The extension has since been 
withdrawn, but given their relative ease of construction, we can 
expect to see more variants on the Monero-mining code popping 
up (or rather, hiding in the shadows), in future. 


Device-Killing Overheads 



There's been less of an uproar over the cryptojacking trend than for 
some malware phenomena such as ransomware, as the in-browser 
code now doing the rounds is often subtle (creating little 
discernible impact on a victim's system performance), and not 
actively doing damage to information or files. 

However, this isn't to suggest that cryptojacking has zero 
consequences. Besides the deceit and privacy violation of software 
that runs without a user's knowledge or consent, there can be 
discernible effects on enterprise networks affected by the 
software, and for victims of cryptojacking using mobile devices. 

For the enterprise, the stolen CPU cycles of a massive 
cryptojacking exercise could slow down network operations and 
have a negative impact on business continuity and overall system 
availability. Time, money, and effort devoted to IT troubleshooting 
and help desk activities in tracing the root of the problem and 
replacing network components or complete systems might also 
take a serious toll. 

Individual computer or mobile device owners will typically notice a 
slowing down of their systems if affected by a cryptojacking 
attack. If the assault continues for any length of time, the 
increased load on their processor may lead to rising device or 
system temperatures, and thermal stresses on their batteries. In 
extreme cases (such as with the Loapi mining Trojan), the rise in 
battery temperature may be sufficiently high to kill off a 
smartphone or tablet, entirely. 



When you bear in mind that many perpetrators rely on a 
combination of in-browser cryptojacking scripts and targeted 
malware for their operations, the risk to mobile hardware remains a 
viable one. 

Counter-Measures and Protection 

As cryptocurrency mining code is being developed with an eye to 
thwarting signature-based methods of detection, standard anti-virus 
and endpoint protection tools are not a reliable defense 
against cryptojacking. 

Far more effective is the creation of a safer browsing environment, 
through the installation and proper configuration of ad-blocking 
and anti-cryptomining extensions. Web filtering tools should also 
be regularly updated to reflect the discovery of websites and pages 
that deliver cryptojacking scripts. 
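
The domain-based filtering described above can also be run by a site owner against their own pages, to catch an injected miner script. The following is an added example, not part of the original article: the hostnames coinhive.com and authedmine.com are assumptions not stated on this page, and the blocklist and sample page are constructed.

```javascript
// Constructed blocklist sample; production filter lists are updated continuously.
const BLOCKLIST = new Map([
  ['coinhive.com', 'mines without asking'],
  ['authedmine.com', 'asks for consent first'],
]);
// Inline use of the miner API is a hint for manual review, not proof.
const INLINE_HINT = /\bCoinHive\.\w+\s*\(/;

// Return the blocklisted domain that equals host or is a parent of it, else null.
function matchHost(host) {
  const labels = host.toLowerCase().replace(/\.$/, '').split('.');
  for (let i = 0; i < labels.length - 1; i++) {
    const candidate = labels.slice(i).join('.');
    if (BLOCKLIST.has(candidate)) return candidate;
  }
  return null;
}

// Scan the HTML served at pageUrl and list every script that trips a rule.
function auditPage(html, pageUrl) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    const src = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (src) {
      let host;
      try { // resolves relative paths and protocol-relative //host URLs
        host = new URL(src[1] ?? src[2] ?? src[3], pageUrl).hostname;
      } catch { continue; } // unparseable src: nothing to match
      const rule = matchHost(host);
      if (rule) findings.push({ type: 'external', host, rule, note: BLOCKLIST.get(rule) });
    } else if (INLINE_HINT.test(body)) {
      findings.push({ type: 'inline', host: null, rule: 'CoinHive API call', note: 'review manually' });
    }
  }
  return findings;
}

// Constructed sample page (hosts and paths are illustrative).
const SAMPLE_HTML = `
<script src="/static/app.js"></script>
<script src="//cdn.coinhive.com/lib/miner.min.js"></script>
<script src='https://authedmine.com/lib/authedmine.min.js'></script>
<script src="https://coinhive.com.example.org/x.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');</script>`;

console.log(auditPage(SAMPLE_HTML, 'https://shop.example/'));
```

Matching on whole domain labels keeps look-alike hosts such as coinhive.com.example.org from being flagged, while subdomains of a listed domain still match.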

A mobile device management 
(https://www.csoonline.com/article/3253572/internet/what-is-cryptojacking-how-to-prevent-detect-and-recover-from-it.html) 
(MDM) system can facilitate the enterprise-wide enforcement of 
whitelisted sites and applications, and remains the best option for 
organizations which maintain a Bring Your Own Device (BYOD) 
policy. 

As far as security awareness training goes, efforts should focus on 
educating users to identify and avoid social engineering and 
phishing strategies which aim at steering victims to sites operating 
cryptojacking scripts, or facilitating the infection of user devices 
with cryptocurrency mining malware. 